On 27 Feb 2017 9:19 am, "Igor Cicimov" <[email protected]> wrote:
Hi Lukas,

On 27 Feb 2017 5:53 am, "Lukas Tribus" <[email protected]> wrote:

Hi,

On 26.02.2017 at 19:02, [email protected] wrote:
> Hi,
>
> If I understand, the 301 is produced by haproxy. If it is the case,
> there is an ugly solution.
>
> Haproxy can't add header to a redirect because redirect is a final
> directive. After executing the redirect no more actions are executed.
>
> The trick is to create a listen proxy dedicated for redirect, and
> modify the response of this proxy from the main proxy. If a dedicated
> proxy produces the response, the main proxy considers this as forwarded
> traffic and can add headers.
>

Also see:
http://blog.haproxy.com/2015/06/09/haproxy-and-http-strict-transport-security-hsts-header-in-http-redirects/

Lukas

Maybe I'm stupid but in the example from the link you sent:

    frontend fe_myapp
      bind :443 ssl crt /path/to/my/cert.pem
      bind :80
      use_backend be_dummy if !{ ssl_fc }
      default_backend be_myapp

    backend be_myapp
      http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
      server s1 10.0.0.1:80

    backend be_dummy
      server haproxy_fe_dummy_ssl_redirect 127.0.0.1:8000

    frontend fe_dummy
      bind 127.0.0.1:8000
      http-request redirect scheme https

I don't see how the HSTS header is being inserted in the redirect? Except if the purpose was to point to the fact that HSTS in an HTTP response is going to be ignored...
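The dedicated-proxy trick from the quoted message, sketched as an added example (not from the thread or the linked blog post). It assumes `mode http` defaults, a hypothetical loopback port 8001, and placeholder host names example.com and www.example.com; the redirect is issued over TLS because browsers ignore Strict-Transport-Security received over plain HTTP.

```haproxy
# Added illustration; names, port 8001 and host names are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_myapp
    bind :443 ssl crt /path/to/my/cert.pem
    bind :80
    # Plain HTTP: upgrade to HTTPS (HSTS here would be ignored by browsers).
    http-request redirect scheme https code 301 if !{ ssl_fc }
    # HTTPS request for the bare domain: hand it to the redirect-only backend
    # so the 301 comes back as forwarded traffic that can still be modified.
    use_backend be_redirect if { hdr(host) -i example.com }
    default_backend be_myapp

backend be_myapp
    http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
    server s1 10.0.0.1:80

backend be_redirect
    # The 301 generated by fe_redirect passes through this backend as an
    # ordinary server response, so http-response rules apply to it.
    http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
    server haproxy_fe_redirect 127.0.0.1:8001

frontend fe_redirect
    # Loopback-only listener whose sole job is to emit the redirect.
    bind 127.0.0.1:8001
    http-request redirect prefix https://www.example.com code 301
```

Running `curl -sI https://example.com/` against such a setup should show the 301 status together with the Strict-Transport-Security header.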

